new icn messageflickr-free-ic3d pan white
Issues and Future Work | by Terriko
Back to photostream

Issues and Future Work

So here's some of the issues we found and some things I'd like to do. The big issue with ViSP is that it can only handle visual parts of the page, so if you've got JavaScript in your header, there's no way to encapsulate that. We found that in many cases, JavaScript was included where it was used, so you'd have menu code and the menu right together where the menu is displayed in the page instead of in the headers. But that may not always be the case.


It's unclear how that's going to work, just like it's unclear about how channels will work.


Several people, including one of my anonymous reviewers rightly suggested that ViSP might be even easier if it could be deployed not as separate XML but instead as a “security stylesheet” in CSS. So we're working on that. We're also putting together a user study for the fall so we can answer the question of whether it really is more usable. And of course, there are more tests to be had against other websites and real world attacks.


Note: This is part of my presentation on Visual Security Policy for the Web.

0 faves
Uploaded on August 23, 2010